| schema:text
| - Analysis: What happens to personal data collected through airport e-security gates?
[The Airport Authority has updated its privacy policy statement on Jan. 4, 2021. The content and links in the article are revised accordingly.]
[點擊查看本文中文版]
A recent post on Facebook suggests people can opt out of the e-security gates at the Hong Kong International Airport (HKIA) in order to protect their personal information.
Quoting “someone who has worked at the airport and in the aviation industry for more than 20 years,” the post claims the e-security gates collect the passenger’s personal information including images of their face.
The post encourages passengers to have their passport and boarding pass manually checked by security staff instead of going through the machines in order to protect their personal information.
First shared on July 26 in a pro-democracy Facebook group, the post and its subsequent shares have since received more than 14,000 interactions.
It was reposted by Hong Kong pro-democracy activist Joshua Wong and politician Gary Fan. These two reposts have generated about 4,000 likes and 2,000 shares cumulatively.
The e-security gates are located outside of the airport’s restricted area. After check-in and baggage drop-off, passengers proceed to have their passports and boarding passes checked at the e-security gates before entering the restricted area for their security scan and immigration check.
Annie Lab looked into the validity of the claims in the post and contacted the Airport Authority (AA) over email for clarification.
1. What is the purpose of these gates?
[Updated in September 2021]
In the latest version of the privacy policy statement, the AA spells out four purposes of using the personal data acquired: 1) to verify the right of entry to the airport restricted area, 2) to safeguard the area, 3) to facilitate airport operations and 4) to conduct analytics for the improvement of the operation.
[The following part was published on Aug. 14, 2020]
The e-security gates at HKIA were launched in September 2018 and are equipped with facial-recognition technology. Going through the e-security gate is the first step of security screening for departing passengers after check-in and baggage drop-off.
The gates collect the personal information necessary to validate the passenger’s identity to allow entry to the airport’s restricted area. The passenger can then proceed to the security check and immigration check before boarding.
The Constitutional and Mainland Affairs Bureau said the personal information is collected to match the travellers to their travel documents, according to a written reply to lawmaker Charles Mok’s inquiry regarding the use of facial recognition technologies by government departments and public organizations.
Another purpose of the e-security gates is to speed up the security screening process, according to an AA press release from 2018. The gates can shorten the processing time from 2.5 minutes to 20 seconds and “provide a seamless experience for travellers,” said Chris Au Young, general manager of Smart Airport for the AA.
In an email to Annie Lab, the AA also said the data gathered through the machine makes it easier to balance the passenger loading between the airport’s north and south departure halls.
2. Can you bypass the e-security gates to have your boarding pass and passport checked by a human?
Yes, you can. Annie Lab can confirm this as one of its team members went through the manual check in December 2019.
Instead of going through the e-security gates, passengers can proceed through the Assisted Channels, where the boarding pass and passport will be manually checked by staff members of the AVESCO, the company in charge of the airport security. In this case, “no personal data will be collected,” said the AA in their email.
Some 19.8 million departure passengers used the e-security gate in 2019, while around 0.24%, or about 47,000 of departure passengers, opted out of it, according to the AA.
3. What kinds of data does the e-security gate collect? Will AA store the facial features of the passengers and their travel destinations?
[Updated in September 2021]
The updated privacy policy states the personal data of the e-security gate users will be kept confidential as in the previous version. However, the AA says it may share the data to third party service providers to achieve the four purposes described earlier in this article.
The new statement no longer mentions a “prior express consent” from the personal information owner, which was deemed “required” in the older version. Also, the updated policy no longer guarantees anonymity when the personal data is transferred to the third party service providers.
[The following part was published on Aug. 14, 2020]
When a passenger goes through the e-security gate, their personal data will be automatically collected. According to the privacy policy statement (link updated to the archived version), the data includes:
Your travel document photograph, your full name, date of birth, gender, nationality and place of birth;
Your name and flight information as recorded in your boarding pass; and
Your live facial features.
Seven days after the flight departure, the AA retains and stores only anonymous data collected from the passengers for statistical data analysis.
The data does not include images of the passenger’s face or any personal information that can be traced back to the passenger directly. Specifically, the stored data includes:
- Nationality;
- Place of birth;
- Age group;
- Gender;
- Month and year of birth; and
- Flight information (including date of travel, origin, destination, airline, scheduled departure time, class of travel).
The airport stated that all personal data will “be kept confidential” and that it will not release the data to third parties unless prior expressed consent is obtained.
In their email the spokesperson told Annie Lab that “the AA has not shared any data with third parties since the launch of the e-Security Gate.”
However, in some cases, the airport is obliged to share information with third parties, according to the privacy policy (link updated to the archived version). When airport security is at stake or it is required by law of Hong Kong, the airport is entitled to disclose your personal data to the following parties:
a. Authorized personnel of Aviation Security Company Limited (AVSECO) and the Airport Authority for the handling of security access and controls and incident investigation to safeguard airport security at airport;
b. Hong Kong Special Administrative Region (“HKSAR”) government authorities for the purpose of safeguarding airport users and aviation security, provided that such authorities are subject to confidentiality and privacy obligations that are materially similar to those set out in the privacy policy;
c. Any other third party where such disclosure is mandated by relevant HKSAR government authorities or as may be required by law or a court of law of Hong Kong.
4. How can I be certain that my personal information is safe?
The AA said it adopts strict security control to ensure the data is stored safely. “The data collected will be encrypted and stored in a local server at Hong Kong International Airport instead of in [the] cloud or in systems of external service providers,” wrote the spokesperson.
The AA says it deletes all personal data that can be traced back to the individual seven days after the flight departure and that an “erasure record” is generated as a proof. This allows the AA to comply with the Personal Data (Privacy) Ordinance in Hong Kong “in all respects including the collection, retention and deletion of personal data, among others.”
But Annie Lab has not seen the erasure record and cannot independently confirm the validity of the statement.
5. How does AA use the anonymous data? Will the results of the analysis be publicized?
“Other anonymous data, such as gender and flight information, will be retained for internal statistical analysis,” wrote the spokesperson. “They will form part of the inputs to the continuous improvement projects of the airport and will not be publicized.”
Such statistical analysis includes the number of passengers, the estimated amount of time they spend inside the restricted area, the popularity of various destinations and more, according to the AA’s email to Annie Lab.
Original post:
喺航空界同機場做左20年嘅人話你知。。。
*Forward俾多啲人知please…
我眼見好多人喺機場自動自覺去呢部機俾政府/機管局收集你嘅資料。包括你個樣,護照/回鄉證資料,機票資料。
其實,呢部機唔係政府,係機管局用黎收集所謂統計數據。你可以去返人手櫃位,話唔願意被收集,佢(AVSECO, 唔係政府人員) 就用人眼望下你個樣,機票,同passport/回鄉證,就算。咁樣政府/機管局 就唔知你去邊同埋你”最新”個樣係點。
啲AVSECO叫你行埋去嗰部機做,就話”我唔想被收集”就得。有晒terms講可以拒絕收集用返人手幫助。
點解呢部機擺喺禁區外? 咪就係因為呢部機唔係出入境要求嘅一部份囉!佢扮到你一定要俾佢scan咁。仲有,呢部機唔係由入境處睇,只係由扮紀律部隊嘅AVSECO(機場保安) 負責。
唔信? 唔緊要,你下次搭飛機試自己試下。
傻的先會自願俾佢收集。
Translation:
A word from someone who has worked at the airport and in the aviation industry for more than 20 years… Please forward and let as many people as possible know about this.
I saw so many people voluntarily and automatically go to the e-security gates at the airport to give the government/the AA their personal information, including your image, passport/Mainland Travel Permit for Hong Kong and Macau Residents and flight information.
In fact, this machine is not collecting information for the government but is collecting information for the AA. You can go back to the Assisted Channel and say you don’t want to have your personal information collected. The staff from AVSECO (not government officials) will just look at your appearance, flight ticket, passport or Mainland Travel Permit for Hong Kong and Macau Residents, and that’s it. In this way the government/the AA wouldn’t know your “latest” appearance.
If the AVESCO staff tells you to go to the e-security gate, you can just say “I don’t want my information collected.” There are terms that say you can opt out the e-security gates and use the manual help.
Why are these machines placed outside the restricted area? Because they are not required by the immigration process. [The airport] just set it up to make you believe you are required to go through the e-security gates. Also, the immigration office doesn’t look at [the collected information from] these machines, only the AVESCO, i.e. the security guards of the airport, would be in charge of these machines.
You don’t believe me? Doesn’t matter. Just try it yourself the next time you take a flight.
Only stupid people would voluntarily give their information away.
|
![[RDF Data]](/fct/images/sw-rdf-blue.png)
![[cxml]](/fct/images/cxml_doc.png)
![[csv]](/fct/images/csv_doc.png)
![[text]](/fct/images/ntriples_doc.png)
![[turtle]](/fct/images/n3turtle_doc.png)
![[ld+json]](/fct/images/jsonld_doc.png)
![[rdf+json]](/fct/images/json_doc.png)
![[rdf+xml]](/fct/images/xml_doc.png)
![[atom+xml]](/fct/images/atom_doc.png)
![[html]](/fct/images/html_doc.png)